EAP-FAST Security Feature

To provide more secure authentication in the wireless network, the Cisco Unified Wireless IP Phone 7920 now supports Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST). You can use either WEP or Temporal Key Integrity Protocol (TKIP) encryption when using EAP-FAST.

A client server security architecture, EAP-FAST encrypts EAP transactions within a Transport Level Security (TLS) tunnel. The tunnel is based on Protected Access Credentials (PAC) for more secure authentication between the client and the RADIUS server.

Note•The default expiration for a PAC is one week in the Cisco Access Control Server (ACS). If the phone has an expired PAC, it will take approximately 20 seconds longer to authenticate with the RADIUS server while the phone gets a new PAC.

•If you were using LEAP prior to upgrading to firmware release 3.01, be aware that EAP mode may change to EAP-FAST after upgrading the firmware when EAP-FAST is enabled on the RADIUS server. With firmware release 3.01, the default setting for EAP mode is Auto. When using the Auto setting for EAP mode, EAP-FAST has precedence over LEAP.

If using EAP-FAST with Cisco Airespace technology, you must increased the EAP session 802.1x timeout to at least 20 seconds to insure that the phone gets the PAC credentials successfully.

To change the session timeout on the Cisco Airespace AP. follow these steps:

Procedure

Step 1 SSH or Telnet to Airespace controller(s.)

Step 2 Type "config advanced eap request-timeout 20".

Step 3 Type "save config".

Step 4 Type "y" to confirm.

If the Cisco Unified Wireless IP Phone 7920 firmware is downgraded to 2.0 or earlier and you are using EAP-FAST for authentication, the phone will not be able to authenticate. Firmware Release 2.0 does not support EAP-FAST, so you must use LEAP as your authentication method with earlier releases and enable it on the Cisco ACS.

For more information about configuring and using the EAP-FAST feature, refer to "Overview of the Wireless Network" chapter in theCisco Unified Wireless IP Phone 7920 Administration Guide.

Cisco Unified Wireless IP Phone 7920 Localization

Release 3.0 firmware provides these translated and localized versions of the phone:

You must install the locale-specific version of the Cisco Unified CallManager Locale Installer on every Cisco Unified CallManager server in the cluster. Installing the locale installer ensures that you have the latest translated text, user and network locales, and country-specific phone tones available for the Cisco Unified IP Phones.

Note After modifying the user locale on the Cisco Unified Wireless IP Phone 7920, you must power cycle the phone.

Cisco Unified Wireless IP Phone 7920 for Australia and New Zealand

A version of the Cisco Unified Wireless IP Phone 7920 is now available for the Australia and New Zealand market. To comply with Australia and New Zealand requirements, this model (CP-7920-AU-K9) has a separate buzzer to ring the phone. The buzzer is supported with Version 3.01 firmware.

Because the phone rings only through the buzzer, other ring tones are not supported. All tones, including warning tone, play the same sound. The phone setting, Ring Tone Output, is not applicable to the Australia/New Zealand version of the phone.

The Cisco recommended headset (ear bud) does not comply with Australia and New Zealand requirements; therefore, this headset is not orderable for these regions. Other headsets are not qualified for use with the Cisco Unified Wireless IP Phone 7920.

Battery Life Improvement for Out of Range

When the Cisco Unified Wireless IP Phone 7920 goes outside of the wireless LAN range, the phone enters a power save mode that reduces scanning. The reduction in scanning can help preserve battery life.

After returning to the coverage area, the user can reconnect to the wireless LAN faster by pressing the Answer/Send (green key). The phone immediately scans all channels and attempts to reconnect to the wireless LAN.

Cisco Unified CallManager Release 4.1 Phone Features

•Pickup Group enhancements that include the OPickUp softkey for accessing associated pickup group calls

•The auto-pickup system parameter that allows users to immediately connect to a call ringing in their pickup group.

Cisco Unified CallManager Release 4.2 Phone Features

The Cisco Unified Wireless IP Phone 7920 now supports these phone features available with Cisco Unified CallManager Release 4.2:

Pickup Notification Enhancements

This new feature allows users to receive an audio and/or visual alert when a call rings on a phone in pickup groups in which they are a member. For multiple line phones, the alert is available for pickup groups associated with the primary line only.

You can configure these notification parameters in the Call Pickup Group Configuration window:

•Type of notification (audio, visual, both, or neither)

•Content of the visual notification message (called party identification, calling party identification, both, or neither)

•Number of seconds delay between the time the call comes into the original called party and the notification to the rest of the call pickup group members

You can configure the type of audio notification that is provided when a phone is idle or in use in the Directory Number Configuration window.

Log Out of Hunt Groups

Logging out of hunt groups allows users to block incoming hunt group calls when they are away from the phone. Use the HLog softkey to log out of the hunt groups or to log back in.

Note Directed Call Park feature is not supported at this time.

Cisco Unified CallManager Release 5.0 Phone Features

The Cisco Unified Wireless IP Phone 7920 now supports the presence feature available with Cisco Unified CallManager, Release 5.0 by providing the busy lamp field (BLF) speed-dial feature. Users can determine the state of a phone line that is associated with a speed-dial number on their phone screen. Icons next to the phone screen show these presence states:

•Busy

•Idle

•Not available

Note To make these new features available to Cisco Unified Wireless IP Phone 7920 users, you must upgrade your Cisco Unified CallManager system with the latest DevPack patch for your release of Cisco Unified Callmanager. See the "Installing the New Firmware Image" section.

Voice Quality Metrics

Administrators can configure the Cisco Unified Wireless IP Phone 7920 to collect call diagnostics and voice quality metrics by setting the Call Diagnostics Enabled and CDR flag to True in the Cisco Unified CallManager Service Parameters.

You can view the metrics to monitor voice quality and troubleshoot network problems by using the Call Statistics screen on the phone. The Call Statistics screen on the phone displays counters, statistics, and voice quality metrics in the following ways:

•During call—You can view the call information by displaying the Call Statistics screen.

•After the call—You can view the call information captured during the last call by displaying the Call Statistics screen.

For more information about the Site Survey screen, refer to the "Verifying the Wireless Network Configuration on the Cisco Unified Wireless IP Phone" in the Cisco Unified Wireless IP Phone 7920 Administration Guide.

Phone Book Changes

When resetting the Cisco Unified Wireless IP Phone 7920 back to factory defaults, all the previously configured Phone Book entries are now erased. This saves the administrator time when moving a wireless IP phone from one user to another, because the administrator no longer has to delete each individual Phone Book entry.

Cisco Unified CallManager Product Specific Configuration Changes

The Phone Configuration page in Cisco Unified CallManager Administration includes these additions to the Product Specific Configuration section for the Cisco Unified Wireless IP Phone 7920:

•Coverage Warning—This setting controls whether an idle phone that is no longer within the service coverage area, can give an audible beep tone. Default setting is Off.

Note When a user is on a call and travels out of the coverage area, the phone always provides a beep tone.

Phone Alert Changes for XML Applications

Users can now set how many times an alert plays when an XML application sends an alert tone to a phone user. Under the Phone Settings menu, a new submenu called "Alert Replay," allows a user to set the number of replays for the alert tone. If set to 9, the alert tone plays 9 times. Default setting is 1.

To change the alert replay, follow these steps:

Procedure

Step 1 Choose Menu > Phone Settings > Alert Replay.

Step 2 Press Edit and enter a number from 0 to 9. (The default setting is 1.)

Step 3 Press OK to save the change.

Step 4 Press Back to return to the main menu.

Users can also set the volume of the alert when an XML application sends an alert tone to a phone user.

To change the alert volume, follow these steps:

Procedure

Step 1 Choose Menu > Profiles > User Profiles> (profile name).

Step 2 Select Alert Volume.

Step 3 Press the right arrow to increase the volume or the left arrow to decrease the volume.

Step 4 Press Back to return to the main menu.

Support for Vibrate Feature with XML Applications

With firmware release 3.01, the Cisco Unified Wireless IP Phone 7920 can now receive a URI message from a third party XML application that activates the vibrate device on the phone. You can use these parameters to customize the vibration sequence:

Vibrate Duration—Sets the vibrate-on interval in milliseconds

Silence Duration—Sets the vibrate-off interval in milliseconds

Count—Sets the number of times to repeat the vibrate on/off sequence

Syntax for the vibrate URI is:

Vibrate:[{vibrateDuration}:{silenceDuration}:{count}]

Idle Phone Battery Life Improvements

Cisco Unified Wireless IP Phone 7920 Firmware Release 3.01 includes enhancements to maximize the battery life when the phone is idle.

UDI Information

UDI information is now available on Cisco Unified Wireless IP Phone 7920 phone in the Phone Settings menu.

To view the UDI information, follow these steps:

Procedure

Step 1 Choose Menu > Phone Settings > Phone Status.

Step 2 Select UDI to see this information:

•Product number (PID)

•Vendor number (VID)

•Serial number of the phone

Step 3 Press Back to return to the main menu.

Incoming Call Alert Options

Users can now control their incoming call alerts when on an active call. By using a new menu option called Ring Settings, users can configure their phone to "Beep Only" when they are on an active call and receiving a new call.

If set to "CCM Setting," the phone uses the line settings option that is configured in Cisco Unified CallManager Administration to alert them of an incoming call. These settings include:

•Ring

•Ring Once

•Beep Only

•Flash Only

•Disable

To change the ring setting option, follow these steps:

Procedure

Step 1 Choose Menu > Phone Settings > Ring Tones > Ring Setting.

Step 2 Select one of these options:

•Beep Only (This is the default setting.)

•CCM Setting

Step 3 Press Back to return to the main menu.

Roaming Threshold Changes

To accommodate some locations that require more aggressive roaming parameters, new options are available in the "Roaming" hidden menu.

•Automatic—Keeps current roaming mechanism where the wireless IP phone roams using dynamic thresholds depending on the current RSSI.

•Static—Press Edit and enter customized settings for these new parameters:

–Roam Holdoff—Sets the hold off time for roaming events to prevent back-to-back roaming.

–RSSI Thld—Sets the minimum acceptable signal threshold to which the wireless IP phone can roam.

–RSSI Diff Thld—Sets the signal difference threshold between the current AP and the next AP to which the wireless IP phone can roam.

Step 4 Press Back to return to the main menu.

Off-Hook Flash Feature

The Cisco Unified Wireless IP Phone 7920 phone now supports the off-hook flash feature through a new hidden menu called Off-Hook. If the Off-Hook setting is enabled on the phone, when the user presses the Answer/Send key without dialing a number, the phone sends an SCCP "Off-Hook" message to Cisco Unified CallManager. The user no longer has access to the last number redial list of phone numbers which is the standard function when pressing the Answer/Send button.

Installing the New Firmware Image

Before using the Cisco Unified Wireless IP Phone 7920 with Cisco Unified CallManager, you must install the version 3.01 firmware image on all Cisco Unified CallManager systems that run TFTP service. To load the version 3.01 firmware image for the Cisco Unified Wireless IP Phone 7920, follow these steps:

Note To make the new features available to Cisco Unified Wireless IP Phone 7920 users, you must upgrade your Cisco Unified CallManager system with the latest DevPack patch for your release of Cisco Unified CallManager. You can download the latest DevPack patch with the new CSV and XML schema at this URL: http://www.cisco.com/public/sw-center/sw-voice.shtml

Step 4 Follow the instructions in the Readme file to install the firmware.

Note•To downgrade firmware to version 1.09 or earlier, you must use the Cisco 7920 Configuration Utility to perform the downgrade.

•If the phone firmware is earlier than version 1.03 or the phone is configured in Cisco Unified CallManager as an IP Phone 7960 (releases prior to 3.3(3)SR1), you also need the os7920.txt file which is installed with the firmware.

If you are using the Cisco Unified Wireless IP Phone 7920 with Cisco Unified CallManager Express 3.1 or later, you can download the version 3.01 firmware image file cmterm_7920.4.0-03-01.bin from the software download center at the following URL:

Note•Cisco CME versions 3.1 and later support the Cisco 7920 phone type and do not require the phone load image helper file.

•If the phone firmware is earlier than version 1.03 or the phone is configured in Cisco Unified CallManager Express as an IP Phone 7960 (releases prior to 3.1) you also need the os7920.txt file. You can create this file by using a text editor such as Notepad. Create a new file with the name, os7920.txt and enter the firmware image name: cmterm_7920.4.0-03-01.

To install the version 3.01 firmware with Cisco Unified CallManager Express, you must manually copy the firmware image file cmterm_7920_4.0-03-01.bin to the Cisco Unified CallManager Express TFTP server (router flash) and enable it for TFTP. Update the 7920 load name to cmterm_7920.4.0-03-01.

For information about this procedure, refer to the "Setting Up Phones" chapter in the Cisco Unified CallManager Express Administration Guide for your version of Cisco CME at this URL:

Reducing the Holdoff Time for TKIP Countermeasure Mode

The Cisco Unified Wireless IP Phone 7920 may transmit a message integrity check (MIC) error to the access point when using TKIP. If the access point receives two MIC errors within 60 seconds, then the access point enters Countermeasure mode in which all associated TKIP clients are de-authenticated for the duration of the Countermeasure Holdoff time.

You can reduce the Holdoff time for TKIP Countermeasure mode to less than 60 seconds (the default value) on the access point.

Use this command on your access point configuration:

Interface dot11radio 0

Countermeasure tkip hold-time seconds

where seconds is the holdoff time. Suggested values are from 0 to 3.

Regulatory Domains for Cisco Unified Wireless IP Phone 7920

Be aware that you can use a Cisco Unified Wireless IP Phone 7920 only within the region in which it is purchased. The Cisco Unified Wireless IP Phone 7920 might not function properly in another region. The Cisco Unified Wireless IP Phone 7920 is manufactured and sold for specific regulatory domains. These domains, such as North America and Japan, have regulations that control the radio frequency (RF) channels and transmission power that are available for wireless phones.

You can determine the regulatory domain for your phone by accessing the Domain menu from Phone Settings. Choose Menu > Phone Settings > Phone Status > Domain. A check mark displays next to one of these settings as shown in Table 1.

Table 1 Supported Regulatory Domains

Regulatory Domain Number

Geographic Region

1

North America, Australia, New Zealand

2

Europe

3

Japan

7

Asian and Pacific

Cisco Unified CallManager Unit License

You need a Cisco Unified CallManager unit license for each Cisco Unified Wireless IP Phone 7920. Depending on the bundle that you order, you might need to order a license. For more information, refer to Cisco Unified Wireless IP Phone 7920 Data sheet at this URL:

Supported Access Points

The Cisco Unified Wireless IP Phone 7920 supports Cisco Aironet Access Points (APs) that can run Cisco IOS in autonomous mode and APs that run in lightweight mode with lightweight access point protocol (LWAPP) and using a wireless LAN controller. Table 2 lists the supported AP models and their operation mode in the WLAN.

Table 2 Supported Access Points and Modes

Access Point Models

Autonomous Mode

Lightweight Mode

Cisco Aironet AP 350

Yes

No

Cisco Aironet AP 1100

Yes

Yes

Cisco Aironet AP 1130

Yes

Yes

Cisco Aironet AP 1200

Yes

Yes

Cisco Aironet AP 1240

Yes

Yes

Cisco Aironet AP 1300

Yes

Yes

Cisco 1000 Series Lightweight AP

No

Yes

Wi-Fi compliant APs that are manufactured by third-party vendors should function with the Cisco Unified Wireless IP Phone 7920, but might not support key features such as Dynamic Transmit Power Control (DTPC), ARP-caching, LEAP/EAP-FAST, or QBSS.

Note Voice over the wireless LAN (VoWLAN) does not currently support MESH technology such as Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Points.

There can be up to 100 milliseconds delay between RTP packets when scanning the current channel.

CSCse48844

The Cisco Unified Wireless IP Phone 7920 cannot use a custom locale name for the TFTP path.

CSCse57669

When call forward all is enabled on the Cisco Unified Wireless IP Phone 7920, the call park number is not displayed.

CSCse58658

When receiving RTP through an XML push, the current call gets put on hold.

CSCse70227

The Cisco Unified Wireless IP Phone 7920 does not send an Acknowledgement (ACK) when told to restart or reset.

CSCse90042

When the Cisco Unified Wireless IP Phone 7920 is put on hold, it cannot play a holding beep tone.

CSCsf04685

When the Cisco Unified Wireless IP Phone 7920 receives many beacons, it can become unresponsive.

CSCsf06405

The Cisco Unified Wireless IP Phone 7920 can lock up after receiving an Inter-Access Point Protocol (IAPP) response packet from an Airespace AP version 4.0.

CSCsf10362

The Cisco Unified Wireless IP Phone 7920 does not use the winCharSet variable information in the HTTP header.

CSCsf10367

The Chirp 1 tone is not loud enough in some environments.

CSCsf13332

When roaming with WPA authentication, the Cisco Unified Wireless IP Phone 7920 can get an IP config failure.

CSCsf22418

Sometimes the Cisco Unified Wireless IP Phone 7920 is in a state where the user cannot hear audio.

CSCsf22421

UTF-8characters are not translated correctly.

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Product Documentation DVD

The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have.PDF versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:

Ordering Documentation

Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.

You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.

Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools.Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

•The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

•Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0601R)